PT-2025-33079 · Unknown · Quickshare File Server
Published
2025-08-13
·
Updated
2025-08-14
·
CVE-2011-10010
CVSS v4.0
9.4
Critical
| Vector | AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
Name of the Vulnerable Software and Affected Versions:
QuickShare File Server version 1.2.1
Description:
QuickShare File Server version 1.2.1 contains a path traversal vulnerability in its FTP service due to improper sanitation of user-supplied file paths. Authenticated users can exploit this flaw by submitting crafted sequences to access or write files outside the intended virtual directory. When the “Writable” option is enabled (default during account creation), attackers can upload arbitrary files to privileged locations such as system32, enabling remote code execution via MOF injection or executable placement.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Quickshare File Server